# Copy to .env and fill in as needed.
# Settings are primarily managed through the in-app Settings UI.
# These are NOT required — the app defaults to LM Studio with no API keys.

ANTHROPIC_API_KEY=
OPENAI_API_KEY=

# ── PostgreSQL ───────────────────────────────────────────────────────────────
# App user — SELECT/INSERT/UPDATE/DELETE only, used by FastAPI + Celery
DATABASE_URL=postgresql+psycopg://docuvault_app:changeme_app@postgres:5432/docuvault
# Migration user — DDL privileges, used ONLY by Alembic, never by the app at runtime
DATABASE_MIGRATE_URL=postgresql+psycopg://docuvault_migrate:changeme_migrate@postgres:5432/docuvault
# Superuser password for the postgres init container — used only by initdb.d scripts
POSTGRES_PASSWORD=changeme_super

# ── MinIO ────────────────────────────────────────────────────────────────────
MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=changeme_minio_root
MINIO_ENDPOINT=minio:9000
# App-level access key — minimal permissions on docuvault bucket only
MINIO_ACCESS_KEY=docuvault_app
MINIO_SECRET_KEY=changeme_minio_app
MINIO_BUCKET=docuvault

# ── Redis ─────────────────────────────────────────────────────────────────────
REDIS_PASSWORD=changeme_redis
# Must match REDIS_PASSWORD; the leading : is the no-username form for requirepass
REDIS_URL=redis://:changeme_redis@redis:6379/0

# ── Security (Phase 2) ───────────────────────────────────────────────────────
# Not read by the app in Phase 1 — documented here for Phase 2 JWT + HKDF use
SECRET_KEY=CHANGEME-replace-with-64-char-random-hex